Seems like this could be solved pretty simply if the browsers *only* evaled things with a Content-Type of "application/x-javascript" via the

The exploit only allows an unauthorized party to read confidential data in the case where a server decides to send confidential data to unauthorized parties. Fortify has done a great job of confusing people by focusing on the wrong end of the network.

Douglas, you're right. If I understand things correctly the main danger of this exploit is that it increases the scope of the cross site request forgery attack.

Just thinking out loud:
A user authenticates with example.com via Basic Auth (or something similar). This authorizes the user to visit the protected example.com/data.txt, which happens to contain data that looks like a JavaScript array.
In the same session the user visits a page at evil.com, which uses the

